CageFS is a virtualized file system and a set of tools to contain each user in its own 'cage'. Each customer will have its own fully functional CageFS, with all the system files, tools, etc.
The benefits of CageFS are:
- Only safe binaries are available to user
- User will not see any other users, and would have no way to detect presence of other users & their usernames on the server
- User will not be able to see server configuration files, such as apache config files.
- At the same time, user's environment will be fully functional, and user should not feel in any way restricted. No adjustments to user's scripts are needed.
- Apache (suexec, suPHP, mod_fcgid, mod_fastcgi)
- LiteSpeed Web Server
- Cron Jobs
- SSH
- Any other PAM enabled service (requires additional configuration)
Note: mod_php is not supported, MPM ITK requires custom patch
Comparing to SecureLVE, CageFS has following improvements:
- No changes to /etc/passwd file, no longer requires custom shell
- Support for any PAM enabled service
- Enable All/Disable All modes with white listing
- Single binary to control all CageFS operations
- cPanel support
- Faster & better skeleton update procedures
- Prefixes used in /var/cagefs to better scale in environments with large number of customers
- namespaces for better security
- Improved skeleton configuration via multiple config files
- Automatic mount point file generation
- Numerous other bug fixes and performance improvements
CageFS documentation and installation procedures can be found here: http://www.cloudlinux.com/docs/cagefs
If you are using SecureLVE, please, contact our support and we will help you to upgrade to CageFS.